Software 43074 Published by

The release candidate for PHP 8.4.6 has been released for testing, addressing multiple bugs, including pointer subtraction for scale, property hook backing value access in multi-level inheritance, unintended inheritance of default values in overridden virtual properties, as well as problems with reflection functions and lazy objects. The update also resolves OSS-Fuzz #403308724, notable performance degradation in 'foreach', assertion violations when accessing the same file multiple times, DOM issues, lowercased attributes in the DOM, and the destruction of live attributes by xinclude. Additional corrections encompass memory leaks identified in the error handling paths of fuzzer SAPI, as well as memory leaks within GD, LDAP, Mbstring, Opcache, PDO, Standard, SOAP, SPL, Treewide, and Windows. The updates resolve concerns related to typemap, offsetGet, RC1 data returned from offsetGet, zend_reference_destroy(), and zend_vm_gen.php.



PHP 8.4.6RC1

- BCMath:
. Fixed pointer subtraction for scale. (SakiTakamachi)

- Core:
. Fixed property hook backing value access in multi-level inheritance.
(ilutov)
. Fixed accidentally inherited default value in overridden virtual properties.
(ilutov)
. Fixed bug GH-17376 (Broken JIT polymorphism for property hooks added to
child class). (ilutov)
. Fixed bug GH-17913 (ReflectionFunction::isDeprecated() returns incorrect
results for closures created from magic __call()). (timwolla)
. Fixed bug GH-17941 (Stack-use-after-return with lazy objects and hooks).
(nielsdos)
. Fixed bug GH-17988 (Incorrect handling of hooked props without get hook in
get_object_vars()). (ilutov)
. Fixed bug GH-17998 (Skipped lazy object initialization on primed
SIMPLE_WRITE cache). (ilutov)
. Fixed bug GH-17998 (Assignment to backing value in set hook of lazy proxy
calls hook again). (ilutov)
. Fixed bug GH-17961 (use-after-free during dl()'ed module class destruction).
(Arnaud)
. Fixed bug GH-15367 (dl() of module with aliased class crashes in shutdown).
(Arnaud)
. Fixed OSS-Fuzz #403308724. (nielsdos)
. Fixed bug GH-13193 again (Significant performance degradation in 'foreach').
(nielsdos)

- DBA:
. Fixed assertion violation when opening the same file with dba_open
multiple times. (chschneider)

- DOM:
. Fixed bug GH-17991 (Assertion failure dom_attr_value_write). (nielsdos)
. Fix weird unpack behaviour in DOM. (nielsdos)
. Fixed bug GH-18090 (DOM: Svg attributes and tag names are being lowercased).
(nielsdos)
. Fix xinclude destruction of live attributes. (nielsdos)

- Fuzzer:
. Fixed bug GH-18081 (Memory leaks in error paths of fuzzer SAPI).
(Lung-Alexandra)

- GD:
. Fixed bug GH-17984 (calls with arguments as array with references).
(David Carlier)

- LDAP:
. Fixed bug GH-18015 (Error messages for ldap_mod_replace are confusing).
(nielsdos)

- Mbstring:
. Fixed bug GH-17989 (mb_output_handler crash with unset
http_output_conv_mimetypes). (nielsdos)

- Opcache:
. Fixed bug GH-15834 (Segfault with hook "simple get" cache slot and minimal
JIT). (nielsdos)
. Fixed bug GH-17966 (Symfony JIT 1205 assertion failure). (nielsdos)
. Fixed bug GH-18037 (SEGV Zend/zend_execute.c). (nielsdos)
. Fixed bug GH-18050 (IN_ARRAY optimization in DFA pass is broken). (ilutov)
. Fixed bug GH-18113 (stack-buffer-overflow ext/opcache/jit/ir/ir_sccp.c).
(nielsdos)
. Fixed bug GH-18112 (NULL access with preloading and INI option). (nielsdos)
. Fixed bug GH-18107 (Opcache CFG jmp optimization with try-finally breaks
the exception table). (nielsdos)

- PDO:
. Fix memory leak when destroying PDORow. (nielsdos)

- Standard:
. Fix memory leaks in array_any() / array_all(). (nielsdos)

- SOAP:
. Fixed bug #66049 (Typemap can break parsing in parse_packet_soap leading to
a segfault) . (Remi)

- SPL:
. Fixed bug GH-18018 (RC1 data returned from offsetGet causes UAF in
ArrayObject). (nielsdos)

- Treewide:
. Fixed bug GH-17736 (Assertion failure zend_reference_destroy()). (nielsdos)

- Windows:
. Fixed bug GH-17836 (zend_vm_gen.php shouldn't break on Windows line
endings). (DanielEScherzer)

Release php-8.4.6RC1 · php/php-src